Set correct auth settings for all actions

A test has been added to RequestHandlerTest, making sure that, while we merely log errors for the time being, the correct dummy AuthResult is being created.

Most actions use the default settings, which have been changed to INTERNAL / APP / IGNORED. Actions with non-default settings are:

INTERNAL/NONE/PUBLIC (non-auth public endpoints)

CheckApiAction
WhoisHttpServer
Rdap*Action

INTERNAL,API/APP/ADMIN (things currently protected by web.xml)

EppTlsAction
EppToolAction
CreateGroupsAction
CreatePremiumListAction
DeleteEntityAction
List*sAction
UpdatePremiumListAction
VerifyOteAction
WhoisServer

INTERNAL,API,LEGACY/USER/PUBLIC (registrar console)

RegistrarPaymentAction
RegistrarPaymentSetupAction
RegistrarSettingsAction
EppConsoleAction

INTERNAL,API,LEGACY/NONE/PUBLIC (registrar console main page)

ConsoleUiAction

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=149761652

java/google/registry/request/auth/Auth.java

@@ -59,8 +59,7 @@ public @interface Auth {
   AuthMethod[] methods() default { AuthMethod.INTERNAL };
 
   /** Required minimum level of authentication for this action. */
-  // TODO(mountford) This should probably default to APP eventually.
-  AuthLevel minimumLevel() default AuthLevel.NONE;
+  AuthLevel minimumLevel() default AuthLevel.APP;
 
   /** Required user authorization policy for this action. */
   UserPolicy userPolicy() default UserPolicy.IGNORED;

java/google/registry/request/auth/RequestAuthenticator.java

@@ -70,6 +70,7 @@ public class RequestAuthenticator {
       case USER:
         if (authResult.authLevel() != AuthLevel.USER) {
           logger.info("Not authorized; no authenticated user");
+          // TODO(mountford): change this so that the caller knows to return a more helpful error
           return Optional.absent();
         }
         break;